Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1146860
Description of problem:
Users are quite certain not to come up with random (high-entropy) passwords,
let alone with high-entropy one time passwords. IMHO IPA should at least offer
to generate OTPs for host enrollment in the UI, or if there are no
backward-compatibility concerns, use generation as a default method with custom
OTPs as a user-requested fallback
Version-Release number of selected component (if applicable):
ipa-server-3.0.0-37.el6.x86_64 / RHEL 6.5
Steps to Reproduce:
1. add a host in the Web UI
2. set an Enrollment OTP for the host
user is requested to type and retype the password
user should be offered with generated OTP by default
I wonder if it would fly well with current Web UI - as password is generated during host addition, so the password would be known after the host creation is submitted.
Web UI may need to implement own random password generator to workaround it...
Not necessarily. We can add checkbox into adder dialog to send 'random=true' and then display 'randompassword' in the dialog along with success message. Ie. the dialog would not be closed in this case.
Not a priority for now. Patches welcome!
This is a basic workflow that junior admins using Web UI may leverage, while at the same time it should be really easy to do (just use --random flag and show the result).
Metadata Update from @jcholast:
- Issue assigned to pvomacka
- Issue set to the milestone: FreeIPA 4.4
to comment on this ticket.